cisco lab 56


    The Ultimate CCNA Lab Workbook

    Labs Designed For CCNA Rack Rentals

    At www.thebryantadvantage.com

    Chris Bryant, CCIE #12933

    www.thebryantadvantage.com

    Chris Bryant, CCIE #12933 www.thebryantadvantage.com

    2005 The Bryant Advantage


    Copyright Information:

    Cisco, Cisco Systems, CCIE, Cisco Certified Internetwork Expert, Cisco Certified Network Associate, and Cisco Certified Network Professional are registered trademarks of Cisco Systems, Inc., and/or its affiliates in the U.S. and certain countries.

    All other products and company names are the trademarks, registered trademarks, and service marks of the respective owners. Throughout this ebook, The Bryant Advantage has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.

    Disclaimer:

    This publication, The Bryant Advantage CCNA Lab Workbook, is designed and intended to assist candidates in preparation for the exam for the Cisco Certified Network Associate and Cisco Certified Network Professional certifications. All efforts have been made by the author to make this book as accurate and complete as possible, but no guarantee, warranty, or fitness are implied, expressly or implicitly. The enclosed material is presented on an "as is" basis. Neither the author, Bryant Instructional Services, or the parent company assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook.

    Copyright 2005, The Bryant Advantage.


    Please Read The Following Rules Carefully. They're Not The Usual mumbo jumbo Legalities.

    By connecting to my remote labs, you agree to abide by the following rules.

    1. Do not change the configuration of the access server in any way. Doing so may end your session, and a refund will not be given. You will also be prohibited from renting the pods in the future.

    2. Do not change the configuration register of any router or switch.

    3. You are more than welcome to practice your enable secret, enable password, console password, and telnet passwords. However, you MUST use the passwords "cisco" or "ccna", without the quotation marks. Upper case or lower case is fine.

    Thank you!

    Connecting To Your Remote Pod

    Getting started with your pod of Cisco routers and 2950 switches is easy! First, you'll need to Telnet to your access server. The IP address, username, and password for your session were sent to you in a separate email. (The phone numbers for your ISDN connection are also in that email.)

    You can use any Telnet version to connect to your access server. You can use HyperTerminal if you like, but I've seen some versions have trouble with Telnet. If you use HyperTerminal and have trouble authenticating, use Telnet by going out to your C: prompt.


    From your C: prompt, you can type telnet to go into Microsoft Telnet, or type telnet x.x.x.x, with the IP address in place of the x's.

    C:\> telnet

    Welcome to Microsoft Telnet Client

    Escape Character is 'CTRL+]'

    Microsoft Telnet> open 100.100.100.100 (put the IP address

    you were sent in email in place of the 100.100.100.100)

    User Access Verification

    Username:

    Password:

    OR:

    C:\>telnet 100.100.100.100

    User Access Verification

    Username:

    Password:

    A few tips for logging in:

    1. You will be prompted for a username, then a password.

    2. Do not hit the space bar at the end of entering either; this will send a null space and you will not be authenticated.

    3. The cursor WILL NOT MOVE when you enter your username and password. That's a Cisco default. You will not see asterisks, as you do when logging in to most Microsoft products.

    After entering your username and password, you'll be put into privileged exec mode on the access server:


    User Access Verification

    Password:

    BRYANT_POD_ONE#

    Your three routers and two Cisco 2950 switches are all connected to this access server. Here's how to access each device.

    First, clear the lines leading to the other devices.

    BRYANT_POD_ONE#clear line 01
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 02
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 03
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 04
    [confirm]
    [OK]
    BRYANT_POD_ONE#clear line 05
    [confirm]
    [OK]
    BRYANT_POD_ONE#

    When you see the [confirm] choice, just hit your Enter key to accept it.

    Now that the lines are cleared, you're going to connect to each device from your access server. This reads like a long process, but it will only take you a minute or two.

    Type R1 at the prompt:

    BRYANT_POD_ONE#r1


    Trying R1 (100.1.1.1, 2001)... Open

    R1#

    Note: When you see the word "Open", hit the Enter key again. You'll then see the prompt for R1.

    Now, you need to learn the big keystroke that you'll be using to go back to the access server. Here it is:

    <CTRL-SHIFT-6> <X>

    This keystroke is a little awkward at first, but before long you'll be doing it without thinking about it. You hit ctrl-shift-6 the same way you'd enter ctrl-alt-delete (we all know that one!), then release those keys and hit x. Then you're right back at the access server. Repeat the process for R2, R3, SW1, and SW2.

    R1# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#r2
    Trying R2 (100.1.1.1, 2002)... Open

    R2# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#r3
    Trying R3 (100.1.1.1, 2003)... Open

    R3# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#sw1
    Trying SW1 (100.1.1.1, 2004)... Open

    sw1# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#sw2
    Trying SW2 (100.1.1.1, 2005)... Open

    sw2# < Use above keystroke to go back to access server >
    BRYANT_POD_ONE#

    Remember, you're always coming back to the access server to get from one router to another. Before long, you'll be using that keystroke without even thinking about it.

    Now that you've created those connections, you will use only the number of the connection to go back to each device. At the access server, just type these numbers to get to each device:


    1: R1

    2: R2

    3: R3

    4: SW1

    5: SW2

    Don't type the entire name of the device again; just type the numbers you see here on the access server, as shown below.

    BRYANT_POD_ONE#1
    [Resuming connection 1 to r1 ... ]

    R1#
    BRYANT_POD_ONE#2
    [Resuming connection 2 to r2 ... ]

    R2#
    BRYANT_POD_ONE#3
    [Resuming connection 3 to r3 ... ]

    R3#
    BRYANT_POD_ONE#4
    [Resuming connection 4 to sw1 ... ]

    sw1#
    BRYANT_POD_ONE#5
    [Resuming connection 5 to sw2 ... ]

    sw2#
    BRYANT_POD_ONE#

    Don't forget to hit Enter again after you see the "resuming connection" message. That will get you to the enable prompt.

    That's all there is to it!


    IP Addressing Lab

    You've got to know how to assign IP addresses to pass the CCNA exams, and you're about to get a lot of practice. We're going to configure physical interfaces, logical interfaces, and loopback interfaces.

    You also need to know how to name a router. We do this with the hostname command. Change the names of the routers to whatever you like, but after practicing this command, change the names back to R1, R2, R3, SW1, and SW2. Those are the names you'll see through the lab workbook.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#hostname Router1
    Router1(config)#hostname R1
    R1(config)#^Z
    R1#

    The ^Z you'll see on the screen is what ctrl-z sends to the console, and of course, you know from your CCNA reading that ctrl-z brings you back out to the enable prompt.

    Notice that the hostname command took effect immediately, as all global commands do.

    Let's take a look at the networks we'll be configuring.

    Network Type                                   Network / Subnet Mask
    Ethernet (R2, R3)                              172.23.23.0 /27
    ISDN (R1, R2)                                  172.12.21.0 /30
    Serial to Frame Relay Cloud (All)              172.12.123.0 /24
    Directly Connected Serial Interfaces (R1, R3)  172.12.13.0 /24
    Router 1 Loopback Address                      1.1.1.1 /32
    Router 2 Loopback Address                      2.2.2.2 /32
    Router 3 Loopback Address                      3.3.3.3 /32


    Let's start with R1. DO NOT OPEN THE SERIAL 0 INTERFACES.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface serial0
    R1(config-if)#ip address 172.12.123.1 255.255.255.0
    R1(config-if)#interface serial1
    R1(config-if)#ip address 172.12.13.1 255.255.255.0
    R1(config-if)#no shut
    R1(config-if)#
    00:18:34: %LINK-3-UPDOWN: Interface Serial1, changed state to down
    R1(config-if)#interface loopback0
    R1(config-if)#ip address 1.1.1.1 255.255.255.255
    R1(config-if)#interface bri0
    R1(config-if)#ip address 172.12.21.1 255.255.255.252
    R1(config-if)#no shut
    R1(config-if)#
    00:19:11: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
    00:19:11: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
    00:19:11: %LINK-3-UPDOWN: Interface BRI0, changed state to up
    00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
    00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
    R1(config-if)#wr
    Building configuration.

    Don't worry about the line protocols being down; other labs will take care of that. All we're doing right now is setting the IP addresses and opening the interfaces. Get used to saving your work as often as possible with wr, short for write. Use IOS Help to see the options and the defaults. (Remember, IOS Help is the question mark symbol.)

    Don't forget to open the interfaces! If you're having a connectivity problem and run a command such as show interface ethernet 0, and you see the following, it means the interface is manually closed and needs to be opened with the no shut command.

    R2#show interface ethernet0
    Ethernet0 is administratively down, line protocol is down

    Now configure R2's interfaces. Do not open interface serial0.


    R2(config)#interface serial0
    R2(config-if)#encap frame
    R2(config-if)#no frame inverse-arp
    R2(config-if)#interface serial 0.123 multipoint
    R2(config-subif)#ip address 172.12.123.2 255.255.255.0
    R2(config-subif)#interface bri0
    R2(config-if)#ip address 172.12.21.2 255.255.255.252
    R2(config-if)#no shut
    R2(config-if)#
    00:27:23: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
    00:27:23: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
    00:27:23: %LINK-3-UPDOWN: Interface BRI0, changed state to up
    R2(config-if)#i
    00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
    00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
    R2(config-if)#interface ethernet0
    R2(config-if)#ip address 172.23.23.2 255.255.255.224
    R2(config-if)#no shut
    00:28:45: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
    00:28:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
    R2(config-if)#interface loopback0
    R2(config-if)#ip address 2.2.2.2 255.255.255.255
    R2(config-if)#^Z
    R2#

    Note that you configured frame relay on R2. That allows us to create the multipoint subinterface. Frame Relay will be covered completely in a later lab, but you cannot create that multipoint interface until you've enabled frame relay.

    Also notice that you don't have to run no shut on a loopback interface. (It's not wrong if you do, but you don't have to.)

    Let's configure R3's interfaces. Do not open interface serial0.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#interface serial 0
    R3(config-if)#encap frame
    R3(config-if)#no frame inverse-arp
    R3(config-if)#interface serial0.31 point-to-point


    R3(config-subif)#ip address 172.12.123.3 255.255.255.0
    R3(config-subif)#interface serial 1
    R3(config-if)#ip address 172.12.13.3 255.255.255.0
    R3(config-if)#no shut
    00:33:32: %LINK-3-UPDOWN: Interface Serial1, changed state to up
    00:33:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
    R3(config-if)#interface ethernet0
    R3(config-if)#ip address 172.23.23.3 255.255.255.224
    R3(config-if)#no shut
    00:33:46: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
    00:33:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
    R3(config-if)#interface loopback0
    00:33:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
    R3(config-if)#ip address 3.3.3.3 255.255.255.0

    Again, note that you configured frame relay on the serial0 physical interface, then created a point-to-point subinterface. The Serial0 physical interface then had to be opened.
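    The following check is an added example, not part of the workbook: it replays the R3 commands from this lab against the network table and reports any interface whose address and mask disagree with the plan. Run as is, it reports that loopback0 was entered with a 255.255.255.0 mask where the table lists 3.3.3.3 /32. The function names are hypothetical.

```python
import ipaddress
import re

# Addressing plan, transcribed from the lab's network table.
PLAN = [ipaddress.ip_network(n) for n in (
    "172.23.23.0/27",   # Ethernet (R2, R3)
    "172.12.21.0/30",   # ISDN (R1, R2)
    "172.12.123.0/24",  # Serial to Frame Relay cloud (all)
    "172.12.13.0/24",   # Directly connected serial interfaces (R1, R3)
    "1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32",  # Router loopbacks
)]

# R3 commands as typed in this lab; one console log line is kept to show
# that non-command lines are skipped.
R3_SESSION = """\
R3(config)#interface serial 0
R3(config-if)#encap frame
R3(config-if)#no frame inverse-arp
R3(config-if)#interface serial0.31 point-to-point
R3(config-subif)#ip address 172.12.123.3 255.255.255.0
R3(config-subif)#interface serial 1
R3(config-if)#ip address 172.12.13.3 255.255.255.0
R3(config-if)#no shut
00:33:32: %LINK-3-UPDOWN: Interface Serial1, changed state to up
R3(config-if)#interface ethernet0
R3(config-if)#ip address 172.23.23.3 255.255.255.224
R3(config-if)#no shut
R3(config-if)#interface loopback0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
"""

# Matches a configuration-mode prompt and captures the command after it.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#(.*)$")
SUBIF_KEYWORDS = {"point-to-point", "multipoint"}


def parse_session(text):
    """Return [(interface_name, IPv4Interface)] for each 'ip address' command."""
    current, found = None, []
    for line in text.splitlines():
        match = PROMPT.match(line.strip())
        if not match:
            continue  # console log messages and blank lines
        words = match.group(1).split()
        if len(words) >= 2 and len(words[0]) >= 3 and "interface".startswith(words[0]):
            # "interface serial 0" and "interface serial0" name the same port.
            name = [w for w in words[1:] if w not in SUBIF_KEYWORDS]
            current = "".join(name).lower()
        elif words[:2] == ["ip", "address"] and len(words) == 4 and current:
            addr = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            found.append((current, addr))
    return found


def check_plan(entries, plan=PLAN):
    """Return [(interface, configured, problem)] for entries that break the plan."""
    findings = []
    for iface, addr in entries:
        planned = [net for net in plan if addr.ip in net]
        if not planned:
            findings.append((iface, str(addr), "not in plan"))
        elif addr.network not in planned:
            # Address is in the plan, but the mask entered gives another network.
            findings.append((iface, str(addr), f"plan says {planned[0]}"))
        elif addr.network.prefixlen < 31 and addr.ip in (
            addr.network.network_address, addr.network.broadcast_address
        ):
            findings.append((iface, str(addr), "network or broadcast address"))
    return findings


if __name__ == "__main__":
    for finding in check_plan(parse_session(R3_SESSION)):
        print(*finding, sep=": ")
```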

    I urge you to not just walk through these labs, but to use the show and debug commands you'll read about in this book, in my Ultimate CCNA Study Guide PDF, and to use IOS Help often to see the other options. Take advantage of the fact that you're working with real Cisco routers and switches, not toys like simulator programs.

    You do not need to configure IP addresses on the switches.

    There's another command I'd like to introduce you to, since we all mistype from time to time. Notice what happens when you mistype a command on a Cisco router:

    R3#hudjgmg

    Translating "hudjgmg"...domain server (255.255.255.255)

    % Unknown command or computer name, or unable to find computer address

    By default, a Cisco router or switch is going to attempt to resolve a mistyped command via DNS. That's what the "domain server" is that it's looking for, and of course you know that 255.255.255.255 is a layer 3 broadcast.


    This only takes about 15 seconds to come back with the "unknown command" line in a practice lab, but it can take much longer in a production network. To disable this default behavior, use the global command no ip domain-lookup on each device in your pod. Notice that immediately after using this command, the router tries to resolve the command locally but does not send the broadcast out.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#no ip domain-lookup
    R3(config)#^Z
    R3#jfujjke
    00:50:24: %SYS-5-CONFIG_I: Configured from console by console
    R3#jfujjke
    Translating "jfujjke"
    % Unknown command or computer name, or unable to find computer address

    As with all commands you read about and practice with in my books, do not run a command on a production network unless you are sure of the result. VERY sure. This is particularly true of the debugs you'll be using in my labs.

    Congratulations! You've now configured plenty of IP addresses. If you're confronted with that task on one of your CCNA exams, you're more than ready. Just don't forget to open the interfaces on exam day!


    LAN Switching Lab

    With the command vtp domain, place both switches in the VTP domain CCNA. Enable pruning with the vtp pruning command. You can also set a password of CISCO for VTP.

    SW1#conf t
    SW1(config)#vtp domain CCNA
    Changing VTP domain name from NULL to CCNA
    SW1(config)#vtp password CISCO
    Setting device VLAN database password to CISCO
    SW1(config)#vtp pruning
    Pruning switched on

    SW2#conf t
    SW2(config)#vtp domain CCNA
    Changing VTP domain name from NULL to CCNA
    SW2(config)#vtp password CISCO
    Setting device VLAN database password to CISCO
    SW2(config)#vtp pruning
    Pruning switched on

    The VTP domain name changes from null, indicating that there was no VTP domain previously set.

    Run show vtp status on both switches to ensure they belong to the correct VTP domain.

    SW1#show vtp status
    VTP Version : 2
    Configuration Revision : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs : 5
    VTP Operating Mode : Server
    VTP Domain Name : CCNA
    VTP Pruning Mode : Enabled

    SW2#show vtp status
    VTP Version : 2
    Configuration Revision : 1
    Maximum VLANs supported locally : 1005
    Number of existing VLANs : 5
    VTP Operating Mode : Server
    VTP Domain Name : CCNA


    VTP Pruning Mode : Enabled

    By default, both switches are in VTP Server mode. With the vtp mode client command, put SW2 in VTP client mode. All VLANs created in this lab will now have to be created on SW1, the VTP Server. Verify the change with show vtp status.

    SW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW2(config)#vtp
    01:10:41: %SYS-5-CONFIG_I: Configured from console by console
    SW2(config)#vtp mode client
    Setting device to VTP CLIENT mode.
    SW2(config)#^Z
    01:10:47: %SYS-5-CONFIG_I: Configured from console by console
    SW2#show vtp status
    VTP Version : 2
    Configuration Revision : 1
    Maximum VLANs supported locally : 64
    Number of existing VLANs : 5
    VTP Operating Mode : Client
    VTP Domain Name : CCNA
    VTP Pruning Mode : Enabled
    VTP V2 Mode : Disabled
    VTP Traps Generation : Disabled
    MD5 digest : 0xB2 0xD2 0xE9 0x70 0xF1 0x6B 0xA1 0x04
    Configuration last modified by 0.0.0.0 at 3-1-93 01:10:14

    Run show cdp neighbors on the switches to see what devices are directly connected to the switches.

    SW1#show cdp neighbor
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

    Device ID   Local Intrfce   Holdtme   Capability   Platform     Port ID
    SW2         Fas 0/12        152       S I          WS-C2950-1   Fas 0/12
    SW2         Fas 0/11        152       S I          WS-C2950-1   Fas 0/11
    R2          Fas 0/2         129       R            2520         Eth 0

    SW2#show cdp neighbor
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

    Device ID   Local Intrfce   Holdtme   Capability   Platform     Port ID
    SW1         Fas 0/12        150       S I          WS-C2950-2   Fas 0/12
    SW1         Fas 0/11        150       S I          WS-C2950-2   Fas 0/11
    R3          Fas 0/3         138       R            2500         Eth 0

    You can see in the output of show cdp neighbors that the two switches are connected at fast 0/11 and fast 0/12. Show interface trunk shows that the trunk has already been created dynamically, with no additional configuration.

    SW2#show interface trunk

    Port      Mode         Encapsulation  Status        Native vlan
    Fa0/11    desirable    802.1q         trunking      1
    Fa0/12    desirable    802.1q         trunking      1

    Port      Vlans allowed on trunk
    Fa0/11    1-4094
    Fa0/12    1-4094

    Port      Vlans allowed and active in management domain
    Fa0/11    1
    Fa0/12    1

    Port      Vlans in spanning tree forwarding state and not pruned
    Fa0/11    1
    Fa0/12    none
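    A configuration review check over the show interface trunk output above, as an added example that is not part of the workbook: it parses the SW2 output from this lab and flags trunks that formed by negotiation, a native VLAN of 1, and an unrestricted allowed-VLAN list. The three review rules and all function names are assumptions chosen for this example, not requirements stated in the lab.

```python
# Output of "show interface trunk" on SW2, as shown in this lab.
SHOW_TRUNK = """\
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1
Fa0/12    desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/11    1-4094
Fa0/12    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1
Fa0/12    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/11    1
Fa0/12    none
"""

ALL_VLANS = set(range(1, 4095))        # 1-4094, the full range in the output
DYNAMIC_MODES = {"desirable", "auto"}  # modes that negotiate a trunk


def parse_vlan_list(spec):
    """Expand a VLAN list such as '1,23,100-110' into a set of integers."""
    vlans = set()
    if spec.lower() == "none":
        return vlans
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_trunks(text):
    """Return {port: {mode, encapsulation, status, native_vlan, allowed}}."""
    ports, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":
            # The rest of each header line identifies the section that follows.
            section = " ".join(fields[1:]).lower()
            continue
        if section is None:
            continue  # text before the first header, e.g. the command echo
        port = ports.setdefault(fields[0], {})
        if section.startswith("mode") and len(fields) >= 5:
            port.update(mode=fields[1], encapsulation=fields[2],
                        status=fields[3], native_vlan=int(fields[4]))
        elif section == "vlans allowed on trunk" and len(fields) >= 2:
            port["allowed"] = parse_vlan_list(fields[1])
    return ports


def review(ports):
    """Apply the example's review rules; return {port: [notes]}."""
    findings = {}
    for name, port in sorted(ports.items()):
        notes = []
        if port.get("status") == "trunking" and port.get("mode") in DYNAMIC_MODES:
            notes.append("trunk negotiated dynamically")
        if port.get("native_vlan") == 1:
            notes.append("native VLAN is 1")
        if port.get("allowed") == ALL_VLANS:
            notes.append("all VLANs allowed")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for port, notes in review(parse_trunks(SHOW_TRUNK)).items():
        print(port, "->", "; ".join(notes))
```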

    Show vlan brief reinforces the theory that by default, all switch ports are placed into VLAN 1 (except the trunk ports).

    SW2#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10

    R2 and R3's Ethernet addresses have already been configured, the trunk line is operational, and both ports are in VLAN 1. Ping R2's Ethernet interface from R3, and then R3's Ethernet interface from R2 to verify IP connectivity.


    R2#ping 172.23.23.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

    R3#ping 172.23.23.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

    With pings, exclamation points indicate good connectivity, and periods

    indicate no connectivity.

    Now, create VLAN 23. Try creating this vlan on SW2 first.

    SW2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    SW2(config)#vlan 23

    VTP VLAN configuration not allowed when device is in CLIENT mode.

    As you can see, you cannot create, delete, or modify VLANs on VTP clients. This VLAN will have to be created on SW1, the VTP server. After doing so, the VTP client should see VLAN 23 as well.

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#vlan 23
    SW1(config-vlan)#^Z
    01:23:34: %SYS-5-CONFIG_I: Configured from console by console
    SW1#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                    Fa0/23, Fa0/24
    23   VLAN0023                         active


    SW2#show vlan br
    01:23:55: %SYS-5-CONFIG_I: Configured from console by console
    SW2#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- ------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10
    23   VLAN0023                         active

    On SW1, put port fast 0/2 into VLAN 23. (That's the port connected to R2.) Verify with show vlan brief.

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#int fast 0/2
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport access vlan 23
    SW1(config-if)#^Z
    SW1#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10, Fa0/13, Fa0/14, Fa0/15
                                                    Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                    Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
    23   VLAN0023                         active    Fa0/2


    Now that R2 and R3 are in separate VLANs, can they still send pings back and forth?

    R2#ping 172.23.23.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    R3#ping 172.23.23.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
    .....

    No, they can't. The difference is that they're now in separate VLANs, and devices in different VLANs can't communicate unless routing is taking place somewhere. Here, no routing is taking place, so the pings don't go through.

    Put R3's switch port into VLAN 23, and try the ping again.

    SW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW2(config)#interface fast0/3
    SW2(config-if)#switchport mode access
    SW2(config-if)#switchport access vlan 23
    SW2(config-if)#^Z
    01:31:57: %SYS-5-CONFIG_I: Configured from console by console
    SW2#show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- ------------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10
    23   VLAN0023                         active    Fa0/3

    R3#ping 172.23.23.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms


    R2#ping 172.23.23.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
    !!!!!

    Now that R2 and R3 are in the same VLAN, pings can go through.

    On SW1, view the spanning tree information for VLAN 23 with the

    show spanning tree vlan 23 command. Do the same on SW2.

    SW1#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    32791
                 Address     000e.d7f5.a040
                 This bridge is the root
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32791 (priority 32768 sys-id-ext 23)
                 Address     000e.d7f5.a040
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/2            Desg FWD 100       128.2    Shr
    Fa0/11           Desg FWD 19        128.11   P2p
    Fa0/12           Desg FWD 19        128.12   P2p

    SW2#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    32791
                 Address     000e.d7f5.a040
                 Cost        19
                 Port        11 (FastEthernet0/11)
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32791 (priority 32768 sys-id-ext 23)
                 Address     000f.90e2.14c0
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300


    SW2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW2(config)#spanning-tree vlan 23 root primary
    SW2(config)#^Z
    SW2#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    24599
                 Address     000f.90e2.14c0
                 This bridge is the root
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    24599 (priority 24576 sys-id-ext 23)
                 Address     000f.90e2.14c0
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------
    Fa0/3            Desg FWD 100       128.3    Shr
    Fa0/11           Desg FWD 19        128.11   P2p
    Fa0/12           Desg FWD 19        128.12   P2p

    On SW1, configure PortFast on the port leading to R2 with spanning portfast, and note the warning the switch displays. Remove PortFast with no spanning portfast.

    SW1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#int fast 0/2
    SW1(config-if)#spanning portfast
    %Warning: portfast should only be enabled on ports connected to a single
    host. Connecting hubs, concentrators, switches, bridges, etc... to this
    interface when portfast is enabled, can cause temporary bridging loops.
    Use with CAUTION

    %Portfast has been configured on FastEthernet0/2 but will only
    have effect when the interface is in a non-trunking mode.
    SW1(config-if)#no spanning portfast
    SW1(config-if)#^Z


    SW1#


    Combine the two physical connections between the two switches into one logical connection by creating an EtherChannel. On each of the ports physically connected to the other switch, run channel-group 1 mode on.

    SW1#conf t
    SW1(config)#interface fast 0/11
    SW1(config-if)#channel-group 1 mode on
    Creating a port-channel interface Port-channel 1
    03:37:59: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
    SW1(config)#interface fast 0/12
    SW1(config-if)#channel-group 1 mode on

    SW2#conf t
    SW2(config)#interface fast 0/11
    SW2(config-if)#channel-group 1 mode on
    Creating a port-channel interface Port-channel 1
    03:38:11: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
    SW2(config-if)#interface fast 0/12
    SW2(config-if)#channel-group 1 mode on

    One benefit of EtherChannels is that the bandwidth of both physical channels is now being used. (STP put one of the ports in blocking mode; only one physical path was being used.) Another benefit is that STP considers the EtherChannel to be one single connection; if one of the two lines went down, the STP algorithm would not run, and there would be no break in transmission, since STP is only concerned with the logical portchannel, not the physical interfaces:

    SW1#show spanning vlan 23

    VLAN0023
      Spanning tree enabled protocol ieee
      Root ID    Priority    24599
                 Address     000a.8a4b.fb00
                 Cost        12
                 Port        65 (Port-channel1)
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32791 (priority 32768 sys-id-ext 23)
                 Address     0009.b738.9180
                 Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300


    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- -----------------------------

    Po1 Root FWD 12 128.65 P2p


    Frame Relay Lab

    A hub-and-spoke Frame Relay network will now be configured, with R1

    serving as the hub and R2 and R3 as the spokes. First, configure

    Frame Relay on R1s Serial0 interface with encapsulation frame-relay, and disable dynamic mapping with no frame-relay inverse-arp. After doing so, run show frame map on R1; no mappings

    should appear.

    R1#conf t

    R1(config)#interface serial0

    R1(config-if)#encapsulation frame-relayR1(config-if)#no frame-relay inverse-arp

    R1#show frame map

    R1#If nothing appears after running show frame map, as shown here, no maps exist.

    Configure two Permanent Virtual Circuits (PVC) on R1 with two frame map statements, mapping DLCI 122 to R2 and DLCI 123 to R3. Ensure that broadcasts will be sent over these virtual circuits with the broadcast keyword. Run show frame map after doing so.

    Configuring frame map statements on the hub router.

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#frame map ip 172.12.123.2 122 broadcast
    R1(config-if)#frame map ip 172.12.123.3 123 broadcast
    R1(config-if)#int s0
    R1(config-if)#no shut
    R1(config-if)#
    03:05:51: %LINK-3-UPDOWN: Interface Serial0, changed state to up
    03:05:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

    R1#show frame map
    Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,
                  broadcast,
                  CISCO, status defined, inactive
    Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,
                  broadcast,
                  CISCO, status defined, inactive


    The mappings are inactive because frame-relay has not yet been configured on the remote

    routers R2 and R3.


    You configured a point-to-point interface on R3 in the previous lab.

    The command for frame relay is a little different in this situation:

    R3#conf t
    R3(config)#interface serial0
    R3(config-if)#encapsulation frame-relay
    R3(config-if)#no frame-relay inverse-arp
    R3(config-if)#interface serial 0.31 point-to-point
    R3(config-subif)#frame-relay interface-dlci 321
    R3(config-subif)#int s0
    R3(config-if)#no shut
    03:06:52: %LINK-3-UPDOWN: Interface Serial0, changed state to up
    03:06:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up

    Point-to-point Serial interfaces on a frame relay network do not use dynamic or static mappings. A point-to-point interface has only one possible destination: the other end of the point-to-point connection. With only one possible destination, no mapping is necessary. Instead, the command frame-relay interface-dlci indicates the single DLCI that will be used by this interface.

    R3#show frame map

    Serial0.31 (up): point-to-point dlci, dlci 321(0x141,0x5010), broadcast

    status defined, active

    From each router, ping the other two routers' Serial interfaces on the frame relay network. All pings will be successful. Run show frame lmi and show frame map on each router as well. Notice that the LMI counters are incrementing, and the frame map commands show all maps as active. (Only R1 is shown here, but send pings and run your show commands on all three routers.)

    R1#ping 172.12.123.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

    R1#ping 172.12.123.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.123.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

    R1#show frame lmi

    LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI
      Invalid Unnumbered info 0        Invalid Prot Disc 0
      Invalid dummy Call Ref 0         Invalid Msg Type 0
      Invalid Status Message 0         Invalid Lock Shift 0
      Invalid Information ID 0         Invalid Report IE Len 0
      Invalid Report Request 0         Invalid Keep IE Len 0
      Num Status Enq. Sent 256         Num Status msgs Rcvd 240
      Num Update Status Rcvd 0         Num Status Timeouts 16

    The router is receiving LMI status messages, but when the LMI type was changed, the

    Status Timeouts began to accrue. This command gives an indication that there is a

    problem with the LMIs. The LMIs are the heartbeat of frame relay; without the right

    LMIs, the frame connection dies.

    Run debug frame lmi on R1.

    R1#debug frame lmi
    Frame Relay LMI debugging is on
    Displaying all Frame Relay LMI data
    00:52:12: Serial0(out): StEnq, myseq 31, yourseen 0, DTE down
    00:52:12: datagramstart = 0xE0183C, datagramsize = 14
    00:52:12: FR encap = 0x00010308
    00:52:12: 00 75 95 01 01 00 03 02 1F 00
    00:52:12:
    00:52:22: Serial0(out): StEnq, myseq 32, yourseen 0, DTE down
    00:52:22: datagramstart = 0xE0183C, datagramsize = 14
    00:52:22: FR encap = 0x00010308
    00:52:22: 00 75 95 01 01 00 03 02 20 00
    00:52:22:
    00:52:32: Serial0(out): StEnq, myseq 33, yourseen 0, DTE down
    00:52:32: datagramstart = 0xE0183C, datagramsize = 14
    00:52:32: FR encap = 0x00010308
    00:52:32: 00 75 95 01 01 00 03 02 21 00

    The myseq value continues to increase, but the yourseen value remains at 0. Between debug frame lmi and show frame lmi, it can be seen that LMI messages are being received from the DCE, but not accepted, another indicator of an LMI mismatch.

    Leave that debug command on, and change the LMI default back to Cisco. (You must know all three LMI types before taking the CCNA exams!)


    R1#debug frame lmi
    Frame Relay LMI debugging is on
    Displaying all Frame Relay LMI data

    R1#conf t
    R1(config)#interface serial0
    R1(config-if)#frame-relay lmi-type cisco

    00:56:22: Serial0(out): StEnq, myseq 1, yourseen 0, DTE down
    00:56:22: datagramstart = 0xE0183C, datagramsize = 13
    00:56:22: FR encap = 0xFCF10309
    00:56:22: 00 75 01 01 00 03 02 01 00
    00:56:22: Serial0(in): Status, myseq 1
    00:56:22: RT IE 1, length 1, type 0
    00:56:22: KA IE 3, length 2, yourseq 1 , myseq 1
    00:56:22: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0
    00:56:22: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0
    00:56:32: Serial0(out): StEnq, myseq 2, yourseen 1, DTE down
    00:56:32: datagramstart = 0xE0183C, datagramsize = 13
    00:56:32: FR encap = 0xFCF10309
    00:56:32: 00 75 01 01 01 03 02 02 01
    00:56:32: Serial0(in): Status, myseq 2
    00:56:32: RT IE 1, length 1, type 0
    00:56:32: KA IE 3, length 2, yourseq 2 , myseq 2
    00:56:32: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0
    00:56:32: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0
    00:56:42: Serial0(out): StEnq, myseq 3, yourseen 2, DTE up
    00:56:42: datagramstart = 0xE0183C, datagramsize = 13
    00:56:42: FR encap = 0xFCF10309
    00:56:42: 00 75 01 01 01 03 02 03 02
    00:56:42: Serial0(in): Status, myseq 3
    00:56:42: RT IE 1, length 1, type 1
    00:56:42: KA IE 3, length 2, yourseq 3 , myseq 3
    00:56:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
    00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to ACTIVE
    00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to ACTIVE

    The incoming myseq packets are now being accepted, and the outgoing messages see

    the yourseen value begin to accrue. The DTE end of the connection goes up, the line

    protocol goes up soon after that, and finally the previously deleted DLCIs are again

    active.
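The two debug captures above can be compared mechanically. This added example (not part of the workbook) reads debug frame lmi lines, decodes the DLCI that each FR encap header addresses, and reports whether status enquiries are being answered. The function names and the three-enquiry threshold are assumptions made for the illustration.

```python
import re

# Constructed samples: lines taken from the two debug captures in this lab.
ANSI_CAPTURE = """\
00:52:12: Serial0(out): StEnq, myseq 31, yourseen 0, DTE down
00:52:12: FR encap = 0x00010308
00:52:22: Serial0(out): StEnq, myseq 32, yourseen 0, DTE down
00:52:22: FR encap = 0x00010308
00:52:32: Serial0(out): StEnq, myseq 33, yourseen 0, DTE down
00:52:32: FR encap = 0x00010308
""".splitlines()

CISCO_CAPTURE = """\
00:56:22: Serial0(out): StEnq, myseq 1, yourseen 0, DTE down
00:56:22: FR encap = 0xFCF10309
00:56:22: Serial0(in): Status, myseq 1
00:56:32: Serial0(out): StEnq, myseq 2, yourseen 1, DTE down
00:56:32: FR encap = 0xFCF10309
00:56:32: Serial0(in): Status, myseq 2
00:56:42: Serial0(out): StEnq, myseq 3, yourseen 2, DTE up
00:56:42: FR encap = 0xFCF10309
00:56:42: Serial0(in): Status, myseq 3
""".splitlines()

STENQ = re.compile(r"\(out\): StEnq, myseq (\d+), yourseen (\d+), DTE (up|down)")
STATUS = re.compile(r"\(in\): Status, myseq (\d+)")
ENCAP = re.compile(r"FR encap = 0x([0-9A-Fa-f]{8})")


def dlci_from_header(header16):
    """Extract the 10-bit DLCI from a 2-byte Frame Relay address field.

    The first byte carries the upper 6 DLCI bits and the second byte the
    lower 4; the remaining bits are the C/R, FECN, BECN, DE and EA flags.
    """
    return (((header16 >> 8) >> 2) << 4) | ((header16 & 0xFF) >> 4)


def analyze_lmi(lines, min_enquiries=3):
    """Summarise a capture. min_enquiries is an assumed threshold."""
    enquiries, statuses, lmi_dlcis = [], 0, set()
    for line in lines:
        m = STENQ.search(line)
        if m:
            enquiries.append((int(m.group(1)), int(m.group(2)), m.group(3)))
            continue
        if STATUS.search(line):
            statuses += 1
            continue
        m = ENCAP.search(line)
        if m:
            # The first two bytes of the 4-byte value are the address field.
            # ANSI and Q.933a LMI use DLCI 0; Cisco LMI uses DLCI 1023.
            lmi_dlcis.add(dlci_from_header(int(m.group(1), 16) >> 16))
    if enquiries and statuses and enquiries[-1][1] > 0:
        verdict = "healthy"
    elif len(enquiries) >= min_enquiries and statuses == 0:
        verdict = "mismatch suspected"
    else:
        verdict = "inconclusive"
    return {
        "lmi_dlci": sorted(lmi_dlcis),
        "enquiries": len(enquiries),
        "statuses": statuses,
        "last_yourseen": enquiries[-1][1] if enquiries else None,
        "dte": enquiries[-1][2] if enquiries else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, capture in (("ANSI", ANSI_CAPTURE), ("Cisco", CISCO_CAPTURE)):
        print(name, analyze_lmi(capture))
```

The same decoder applies to the header values printed by show frame map, such as 0x1CA0 for DLCI 122.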


    Use IOS Help to see what the LMI options are.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#int serial 0
    R1(config-if)#frame lmi-type ?
      cisco
      ansi
      q933a

    Run show frame pvc on R1. Note the status for each DLCI, and the uptime.

    R1#show frame pvc

    PVC Statistics for interface Serial0 (Frame Relay DTE)

                  Active     Inactive      Deleted       Static
      Local          2            0            0            0
      Switched       0            0            0            0
      Unused         0            0            0            0

    DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

      input pkts 5             output pkts 5            in bytes 520
      out bytes 520            dropped pkts 0           in pkts dropped 0
      out pkts dropped 0       out bytes dropped 0
      in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
      out BECN pkts 0          in DE pkts 0             out DE pkts 0
      out bcast pkts 0         out bcast bytes 0
      pvc create time 00:49:19, last time pvc status changed 00:01:15

    DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

      input pkts 17            output pkts 5            in bytes 4024
      out bytes 520            dropped pkts 0           in pkts dropped 0
      out pkts dropped 0       out bytes dropped 0
      in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
      out BECN pkts 0          in DE pkts 0             out DE pkts 0
      out bcast pkts 0         out bcast bytes 0
      pvc create time 00:49:12, last time pvc status changed 00:01:17


    Before you take your CCNA exams, be very familiar with what each of these commands shows you, and what the letters FECN, BECN, and DE mean:

    FECN: Congestion was experienced in the direction in which this

    packet was traveling.

    BECN: Congestion was experienced in the opposite direction in which

    this packet was traveling.

    DE: Packet was marked discard eligible.


    ISDN / Point-To-Point Lab

    R1 and R3 are directly connected via their S1 interfaces by a DTE/DCE cable. Before taking your CCNA exams, you MUST know what command will tell you whether the DTE or DCE end of the cable is connected to a router. Here's how you do it:

    show controller displays the DTE and DCE ends of the connection. The output of

    these commands has been truncated for clarity.

    R1#show controller serial 1
    HD unit 1, idb = 0x107114, driver structure at 0x10C590
    buffer size 1524 HD unit 1, V.35 DTE cable

    R3#show controller serial 1
    HD unit 1, idb = 0xC7D1C, driver structure at 0xCCAA0
    buffer size 1524 HD unit 1, V.35 DCE cable

    Ping R1's serial interface from R3.

    R3#ping 172.12.13.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    The escape sequence for pings is CTRL-SHIFT-6 performed twice in succession.

    The ping fails. Run show interface serial1 to see why.

    R3#show interface serial1
    Serial1 is up, line protocol is down
    Hardware is HD64570
    Internet address is 172.12.13.3/24

    The truncated output of show interface serial1 shows the physical interface is up, but

    the line protocol is down.


    0 Active Layer 3 Call(s)

    Configure dialer map statements on R1 and R2, each mapping to the other router's BRI interface. Ping R1's BRI interface from R2. Put the phone numbers you were sent in email in place of the xxxxxxx you see below.

    NOTE: If you changed the names of R1 and R2, change them back to those names with the hostname command. The hostnames R1 and R2 will be used for authentication in this lab, as you'll soon see.

    R1#conf t
    R1(config)#interface bri0
    R1(config-if)#dialer map ip 172.12.21.2 name R2 broadcast xxxxxxx

    R2#conf t
    R2(config)#interface bri0
    R2(config-if)#dialer map ip 172.12.21.1 name R1 broadcast xxxxxxx

    R2#ping 172.12.21.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

    The dialer map configuration is correct, but the pings do not go through.

    The ping fails because there is no interesting traffic defined that will bring the line up. Using the dialer-list and dialer-group commands, allow any IP traffic to bring up the line. Ping R1 from R2. After the ping goes through, run show dialer to see what packets brought the line up.


    All IP traffic is defined as interesting traffic by the dialer-list command, and that list is called by the dialer-group command. The ping packets bring the line up.

    R1#conf t
    R1(config)#dialer-list 1 protocol ip permit
    R1(config)#interface bri0
    R1(config-if)#dialer-group 1

    R2#conf t
    R2(config)#dialer-list 1 protocol ip permit
    R2(config)#interface bri0
    R2(config-if)#dialer-group 1

    R2#ping 172.12.21.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms
    %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
    R2#
    %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 R1

    It's normal for a ping to be 80 percent successful the first time you ping a destination. After that, you'll see 100 percent connectivity.

    R2#show dialer

    BRI0 - dialer type = ISDN

    Dial String      Successes   Failures    Last called   Last status
    8358661                  2          0    00:00:04       successful
    0 incoming call(s) have been screened.

    BRI0:1 - dialer type = ISDN
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is data link layer up
    Dial reason: ip (s=172.12.21.2, d=172.12.21.1)
    Time until disconnect 117 secs
    Connected to 8358661 (R1)

    The dial reason in the output of show dialer clearly shows the source (s) and destination (d) of the packet that caused the line to dial. While it was obvious here why the line went up, routing protocols send multicasts and broadcasts that can cause such a line to dial and stay dialed for days, weeks, or even months at a time, which costs a great deal of money. This command is vital in diagnosing any issue involving an ISDN line that dials and stays up.

    The routers will now authenticate each other with PAP over the ISDN link. Configure the global command username / password on each router, naming the remote router as the username and the password the remote router will be sending as the password. Use encapsulation ppp and ppp authentication pap to enable each router to authenticate the other. Have R1 send a password of CCNA and R2 send a password of CISCO. Use the ppp pap sent-username command as shown in the following illustration.

    Note that you have to manually configure PPP. The default encapsulation for a Serial or BRI interface is HDLC. You'll also see the TEI go down and then come back up; that's normal when you change the encapsulation.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#username R2 password CISCO
    R1(config)#int bri0
    R1(config-if)#encapsulation ppp
    03:45:46: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
    03:45:48: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
    R1(config-if)#ppp authentication pap
    R1(config-if)#ppp pap sent-username R1 password CCNA
    R1(config-if)#^Z
    R1#

    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#username R1 password CCNA
    R2(config)#int bri0
    R2(config-if)#encapsulation ppp
    03:47:36: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
    03:47:37: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
    R2(config-if)#ppp pap sent-username R2 password CISCO
    R2(config-if)#^Z
    R2#

    Run debug ppp negotiation on R2 and ping R1's BRI interface.


    R1#conf t
    R1(config)#no username R2 password CISCO
    R1(config)#int bri0
    R1(config-if)#no encapsulation ppp
    R1(config-if)#^Z
    R1#
    03:56:01: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
    03:56:02: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#no username R1 password CCNA
    R2(config)#interface bri0
    R2(config-if)#no encapsulation ppp
    R2(config-if)#^Z
    03:56:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
    03:56:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up

    Configure the routers for CHAP authentication. The switch-type, dialer map statements, and dialer-lists have already been configured. On both R1 and R2, configure a username / password statement with the password CCNA. Configure both routers for PPP encapsulation and CHAP authentication with the encapsulation ppp and ppp authentication chap commands.

    R1#conf t
    R1(config)#username R2 password CCNA
    R1(config)#interface bri0
    R1(config-if)#encapsulation ppp
    03:58:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to do
    03:58:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
    R1(config-if)#ppp authentication chap
    R1(config-if)#^Z
    R1#

    R2#conf t
    R2(config)#username R1 password CCNA
    R2(config)#interface bri0
    R2(config-if)#encapsulation ppp
    04:00:00: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
    04:00:01: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
    R2(config-if)#ppp authentication chap
    R2(config-if)#^Z

    With CHAP, the passwords must be the same. Note that there is no

    sent-password command, as there was with PAP.

    Run debug ppp negotiation, and ping R1 from R2.

    R2#debug ppp negotiation
    PPP protocol negotiation debugging is on

    R2#ping 172.12.21.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:

    04:01:30: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
    04:01:30: BR0:1 PPP: Using dialer call direction
    04:01:30: BR0:1 PPP: Treating connection as a callout
    04:01:30: BR0:1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]
    04:01:30: BR0:1 LCP: O CONFREQ [Closed] id 1 len 15
    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
    04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)
    04:01:30: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 15
    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
    04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)
    04:01:30: BR0:1 LCP: O CONFACK [REQsent] id 1 len 15
    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
    04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)
    04:01:30: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 15
    04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
    04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)
    04:01:30: BR0:1 LCP: State is Open
    04:01:30: BR0:1 PPP: P.!hase is AUTHENTICATING, by both [0 sess, 0 load]
    04:01:30: BR0:1 CHAP: O CHALLENGE id 1 len 23 from "R2"
    04:01:30: BR0:1 CHAP: I CHALLENGE id 1 len 23 from "R1"
    04:01:30: BR0:1 CHAP: O RESPONSE id 1 len 23 from "R2"
    04:01:30: BR0:1 CHAP: I SUCCESS id 1 len 4
    04:01:30: BR0:1 CHAP: I RESPONSE id 1 len 23 from "R1"
    04:01:30: BR0:1 CHAP: O SUCCESS id 1 len 4
    04:01:30: BR0:1 PPP: Phase is UP [0 sess, 0 load]
    04:01:30: BR0:1 IPCP: O CONFREQ [Closed] id 1 len 10
    04:01:30: BR0:1 IPCP: Address 172.12.21.2 (0x0306AC0C1502)
    04:01:30: BR0:1 CDPCP: O CONFREQ [Closed] id 1 len 4
    04:01:30: BR0:1 IPCP: I CONFREQ [REQsent] id 1 len 10
    04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)
    04:01:30: BR0:1 IPCP: O CONFACK [REQsent] id 1 len 10
    04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)
    04:01:30: BR0:1 CDPCP: I CONFREQ [REQsent] id 1 len 4
    04:01:30: BR0:1 CDPCP: O CONFACK [REQsent] id 1 len 4
    04:01:30: BR0:1 IPCP: I CONFACK [ACKsent] id 1 len 10
    04:01:30: BR0:1 IPCP: Addr!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/49/88 ms
    R2#ess 172.12.21.2 (0x0306AC0C1502)
    04:01:30: BR0:1 IPCP: State is Open
    04:01:30: BR0:1 CDPCP: I CONFACK [ACKsent] id 1 len 4
    04:01:30: BR0:1 CDPCP: State is Open
    04:01:30: BR0 IPCP: Install route to 172.12.21.1
    04:01:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
    R2#
    04:01:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551111 R1

    As before, run show dialer to see what interesting traffic brought the link up.

    R2#show dialer
    BRI0 - dialer type = ISDN

    Dial String      Successes   Failures    Last called   Last statu
    8358661                  4          0    00:00:12       successfu
    0 incoming call(s) have been screened.

    BRI0:1 - dialer type = ISDN
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is data link layer up
    Dial reason: ip (s=172.12.21.2, d=172.12.21.1)
    Time until disconnect 109 secs
    Connected to 8358661 (R1)

    BRI0:2 - dialer type = ISDN
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is idle

    The ping packet from R2 was the cause of the line dialing.

    Obviously, there's a lot more going on here. Notice the challenges and responses being sent by both sides.

    I recommend you run CHAP by using mismatched passwords, and run this same debug so you can see what it looks like when there's a problem with passwords.
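What the CHALLENGE, RESPONSE and SUCCESS lines in the debug carry, as an added example that is not part of the workbook: a minimal RFC 1994 CHAP exchange beside an RFC 1334 PAP request, showing why both routers need the same password and why CHAP keeps it off the wire. The Peer class and function names are hypothetical, and the 16-byte challenge is an assumption inferred from the len 23 in the debug output.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # RFC 1994 CHAP codes


def chap_packet(code, ident, value=b"", name=b""):
    """Code, Identifier, Length, then Value-Size/Value/Name where present."""
    body = b""
    if code in (CHALLENGE, RESPONSE):
        body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_value_name(pkt):
    """Split a Challenge or Response into (identifier, value, sender name)."""
    _code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    return ident, pkt[5:5 + size], pkt[5 + size:length]


def chap_digest(ident, secret, challenge):
    """MD5 over identifier, shared secret and challenge (CHAP algorithm 5)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Peer:
    """One router: its hostname plus its 'username <peer> password <secret>' lines."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname.encode()
        self.secrets = {u.encode(): p.encode() for u, p in usernames.items()}
        self.pending = {}   # identifier -> challenge value still outstanding

    def challenge(self, ident):
        value = os.urandom(16)   # assumed size, consistent with "len 23"
        self.pending[ident] = value
        return chap_packet(CHALLENGE, ident, value, self.hostname)

    def respond(self, challenge_pkt):
        # The secret is looked up by the challenger's name, then hashed.
        ident, value, peer = parse_value_name(challenge_pkt)
        secret = self.secrets.get(peer, b"")
        return chap_packet(RESPONSE, ident,
                           chap_digest(ident, secret, value), self.hostname)

    def verify(self, response_pkt):
        ident, digest, peer = parse_value_name(response_pkt)
        secret = self.secrets.get(peer)
        value = self.pending.pop(ident, None)   # each challenge is used once
        ok = (secret is not None and value is not None and
              hmac.compare_digest(digest, chap_digest(ident, secret, value)))
        return chap_packet(SUCCESS if ok else FAILURE, ident)


def one_way(authenticator, peer, ident=1):
    """Run challenge, response, verdict; return packet lengths and the result."""
    chal = authenticator.challenge(ident)
    resp = peer.respond(chal)
    verdict = authenticator.verify(resp)
    return [len(chal), len(resp), len(verdict)], verdict[0] == SUCCESS


def pap_request(ident, username, password):
    """PAP Authenticate-Request: the password itself travels in the packet."""
    u, p = username.encode(), password.encode()
    body = bytes([len(u)]) + u + bytes([len(p)]) + p
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


if __name__ == "__main__":
    r1 = Peer("R1", {"R2": "CCNA"})
    r2 = Peer("R2", {"R1": "CCNA"})
    mismatched = Peer("R2", {"R1": "CISCO"})
    print("R1 authenticates R2:", one_way(r1, r2))
    print("R2 authenticates R1:", one_way(r2, r1))
    print("mismatched password:", one_way(r1, mismatched))
    print("PAP request bytes:  ", pap_request(1, "R1", "CCNA"))
```

With matching passwords the packet lengths come out as 23, 23 and 4, the same values the debug shows for CHALLENGE, RESPONSE and SUCCESS.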


    Turn your debugs off with undebug all.

    Using ppp multilink and dialer load-threshold, configure the ISDN interface on R1 to bring up the second B-channel when the first B-channel reaches 50% of its outbound capacity. You can also change the dialer idle-timeout default of 120 seconds as shown below. (Remember that only interesting traffic resets the idle-timeout.)

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface bri0
    R1(config-if)#dialer idle-timeout 30     (This value is in seconds, not minutes!)
    R1(config-if)#ppp multilink
    R1(config-if)#dialer load-thresh 127 ?
      either    Threshold decision based on max of inbound and outbound traffic
      inbound   Threshold decision based on inbound traffic only
      outbound  Threshold decision based on outbound traffic only

    R1(config-if)#dialer load-thresh 127 outbound

    It's very important that you realize that the value you enter with dialer load-threshold is a ratio of 255, not 100. If you wanted to have the second B-channel come up when the first one reaches 75% capacity, you'd need to enter the number that is 75% of 255, NOT 100.

    Also, you must configure ppp multilink to have the second link come up at the specified capacity level.

    The following dialer profile lab is a bonus. It's doubtful you'll be asked anything about dialer profiles on the CCNA exams, but the chance is there. Make sure you're proficient with PAP, CHAP, and the different ISDN show and debug commands covered earlier before spending time configuring dialer profiles.

    On the BRI interface, remove the following: the PPP encapsulation type, the dialer-map statement, the dialer-group statement, the dialer-load statement, the IP address, and any commands referencing PAP or CHAP authentication.

    The ISDN switch-type command and username / password command should remain.


    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface bri0
    R1(config-if)#no encapsulation ppp
    R1(config-if)#no dialer map ip 172.12.21.2 name R2 broadcast 8358662
    R1(config-if)#no dialer-group 1
    R1(config-if)#no dialer load-threshold 127 outbound
    R1(config-if)#no ip address

    Make sure the TEI comes back up after going down. If it does not, shut and reopen the

    BRI interface.

    After removing these statements, the running config should show this for the BRI

    interface:

    interface BRI0

    no ip address

    isdn switch-type basic-ni

    Configure a dialer profile with the command interface dialer 1 on R1. The IP address that was on the BRI interface will be placed on this logical interface. Use dialer remote-name to indicate the name of the remote router to be dialed, and dialer string to configure the number to be dialed.

    R1#conf t
    R1(config)#interface dialer 1
    R1(config-if)#ip address 172.12.21.1 255.255.255.252
    R1(config-if)#dialer remote-name R2
    R1(config-if)#dialer string xxxxxxx

    R1#conf t
    R1(config)#interface dialer1
    R1(config-if)#dialer-group 1

    The physical BRI interface and logical Dialer interface must now be linked. Configure Dialer1 with the dialer pool 1 command, then make the BRI interface a member of that pool with the dialer pool-member 1 command.

    R1#conf t
    R1(config)#interface dialer1
    R1(config-if)#dialer pool 1

    R1#conf t
    R1(config)#interface bri0
    R1(config-if)#dialer pool-member 1

    R2 is still using PPP encapsulation and CHAP authentication; R1 must also. On both the physical and logical interfaces, configure encapsulation ppp and ppp authentication chap.

    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#interface bri0
    R1(config-if)#encapsulation ppp
    R1(config-if)#ppp authentication chap

    R1(config)#interface dialer1
    R1(config-if)#encapsulation ppp
    R1(config-if)#ppp authentication chap

    When the encapsulation type is changed on the physical interface, the TEI goes up and down. If the TEI doesn't come back up, open and shut the physical interface. No such up / down behavior will occur when the encapsulation type is configured on the logical interface.

    Run debug ppp negotiation and ping R2's BRI interface.

    R1#debug ppp negotiation
    PPP protocol negotiation debugging is on

    R1#ping 172.12.21.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.12.21.2, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
    22:12:07: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
    22:12:07: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer1
    22:12:07: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
    22:12:07: BR0:1 PPP: Phase is AUTHENTICATING, by both
    22:12:07: BR0:1 CHAP: O CHALLENGE id 3 len 23 from "R1"
    22:12:07: BR0:1 CHAP: I CHALLENGE id 3 len 23 from "R2"
    22:12:07: BR0:1 CHAP: O RESPONSE id 3 len 23 from "R1"
    22:12:07: BR0:1 CHAP: I SUCCESS id 3 len 4
    22:12:07: BR0:1 CHAP: I RESPONSE id 3 len 23 from "R2"
    22:12:07: BR0:1 CHAP: O SUCCESS id 3 len 4
    22:12:07: BR0:1 PPP: Phase is UP


    < The expected series of challenges, responses, and successes occur. >

    R1#show dialer

    BRI0:1 - dialer type = ISDN
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is data link layer up
    Dial reason: ip (s=172.12.21.1, d=172.12.21.2)
    Interface bound to profile Dialer1
    Time until disconnect 112 secs
    Current call connected 00:00:10
    Connected to 8358662 (R2)

    Dialer1 - dialer type = DIALER PROFILE
    Idle timer (120 secs), Fast idle timer (20 secs)
    Wait for carrier (30 secs), Re-enable (15 secs)
    Dialer state is data link layer up

    The BRI physical interface is bound to Dialer1, the logical interface, and the status of the

    Dialer Profile is up as well.

    NOTE: If you keep the dialer profile on this router during the protocol labs, make sure to substitute dialer0 or dialer1, whichever you named this interface, for bri0 in the passive-interface command in the following labs.


    R3#conf t
    R3(config)#enable secret ccna
    R3(config)#^Z
    R3#logout

    The enable secret password has been set. Users will be prompted for this password when attempting to enter privileged exec mode.

    R3 con0 is now available
    Press RETURN to get started.

    R3>en
    Password:
    R3#

    The user was prompted for the enable secret password before being allowed into privileged exec mode. The password does not appear as it is being keyed in. The previously set enable password of cisco no longer works.

    A password can also be set for the console. Enter line configuration mode with the command line console 0, enter login to have the user prompted for a password when logging on to the console, and use the password command to set the password.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#line console 0
    R3(config-line)#login
    R3(config-line)#password cisco
    R3(config-line)#^Z
    R3#logout

    R3 con0 is now available
    Press RETURN to get started.

    User Access Verification

    Password: < cisco was entered here >
    R3>enable
    Password: < ccna was entered here. >
    R3#

    The user is now prompted for the console password before user exec mode can be accessed. After entering that password, the user is prompted for the enable secret password to enter privileged exec mode.


    Now you've set an enable password, an enable secret password, and a console password. The final password you need to set is the password that will be used to authenticate telnet users. (By default, a Cisco router can support five simultaneous telnet sessions. This configuration will apply the same password to all five sessions.)

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#line vty 0 4
    R3(config-line)#login
    % Login disabled on line 2, until 'password' is set
    % Login disabled on line 3, until 'password' is set
    % Login disabled on line 4, until 'password' is set
    % Login disabled on line 5, until 'password' is set
    % Login disabled on line 6, until 'password' is set
    R3(config-line)#password cisco

    It really doesn't matter what order you enter the login command and the password; as you can see, if you enable login first, you're reminded that no one can log in until a password is set. By default, a Cisco router will not allow anyone to connect to it via Telnet unless a password has been configured on the vty lines.

    Encrypting All Router Passwords In The Running Configuration

    After configuring a console password and a telnet password, the

    passwords appear in the running configuration in clear-text.

    R3#show config
    < output truncated for clarity >
    !
    line con 0
     password cisco
     login
    line aux 0
    line vty 0 4
     password cisco
     login


    By default, only the enable secret password will be encrypted in the running configuration. To encrypt all passwords in the running config, use the global command service password-encryption.

    R3#conf t

    R3(config)#service password-encryption

    R3#show config

    service password-encryption

    !

    line con 0

    password 7 10692C2D3C3827392F27040A

    login

    line aux 0

    line vty 0 4

    password 7 14343B382F2B

    login

    !

    end

    The number you see is the level of encryption, which can range from 0-7. The command service password-encryption gives the strongest possible encryption level on the router.
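
A practical check for the output above, as an added example that is not part of the workbook: a small Python auditor that reads a saved configuration and reports how each line password is stored. It reports type 7 strings separately because IOS type 7 is a reversible encoding, whereas enable secret is stored as a type 5 (MD5) hash. The function names and finding labels are assumptions of this example, and the sample configs are constructed from the output shown above with the sub-command indentation IOS normally prints.

```python
import re

# Constructed samples modelled on the "show config" output above.
CLEARTEXT_CONFIG = """\
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
"""

ENCRYPTED_CONFIG = """\
service password-encryption
!
line con 0
 password 7 10692C2D3C3827392F27040A
 login
line aux 0
line vty 0 4
 password 7 14343B382F2B
 login
!
end
"""

# "password cisco" -> no type (cleartext); "password 7 <string>" -> type 7.
PASSWORD_RE = re.compile(r"^password(?:\s+(\d+))?\s+(\S+)$")


def parse_line_sections(config_text):
    """Split a config into global commands and per-'line' sub-command lists."""
    global_cmds, sections, current = [], {}, None
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace():
            # Indented: a sub-command of the section opened above it.
            if current is not None:
                sections[current].append(cmd)
            continue
        global_cmds.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current is not None:
            sections[current] = []
    return global_cmds, sections


def audit_passwords(config_text):
    """Return a list of (where, finding) tuples describing password storage."""
    global_cmds, sections = parse_line_sections(config_text)
    findings = []
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "no-password-encryption"))
    if any(c.startswith("enable password ") for c in global_cmds):
        # enable secret is hashed; enable password is not.
        findings.append(("global", "enable-password"))
    for name, subs in sections.items():
        types = [m.group(1) or "0" for m in map(PASSWORD_RE.match, subs) if m]
        if "login" in subs and not types:
            # IOS refuses logins on this line until a password is set.
            findings.append((name, "login-without-password"))
        for pw_type in types:
            if pw_type == "0":
                findings.append((name, "cleartext-password"))
            elif pw_type == "7":
                findings.append((name, "type7-reversible"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", CLEARTEXT_CONFIG), ("after", ENCRYPTED_CONFIG)):
        for where, finding in audit_passwords(text):
            print(f"{label}: {where}: {finding}")
```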

    Cisco Discovery Protocol

    Cisco Discovery Protocol (CDP) runs by default between all directly

    connected Cisco devices.

    Show cdp neighbor displays all directly connected Cisco routers and switches. CDP is Cisco-proprietary, so it will not display non-Cisco devices.

    CDP can be disabled at both the global and interface level. To disable CDP at the interface level, run no cdp enable on the interface, and cdp enable to turn it back on.

    By default, the cdp timer defines how often CDP packets are transmitted, and cdp holdtime defines how long a device will hold a received packet.

    To turn CDP off for the entire router, run no cdp run. To view the

    current global status of CDP, run show cdp.


    Run each of these commands on all five of your devices. Practice turning CDP off and on at the global level and the interface level until you're very confident that you know which command is which.

    R2#show cdp

    Global CDP information:

    Sending CDP packets every 45 seconds

    Sending a holdtime value of 100 seconds

    The CDP values have been successfully changed. show cdp interface will give the

    timer information for each interface on the router.

    R2#conf t

    R2(config)#interface bri0

    R2(config-if)#no cdp enable

    CDP is disabled on the BRI interface. This does NOT have to be done to keep the line from dialing, as will be shown.

    R2#conf t

    R2(config)#no cdp run

    CDP is disabled globally.

    R2#show cdp

    % CDP is not enabled

    CDP has been successfully disabled.

    Knowing which password does what is vital to passing the CCNA exams. Know how to configure and spot a correctly configured console password, enable password, and telnet password. And you REALLY need to know CDP inside and out! There's not much there, but you gotta know it!


    Static Routing Lab

    Create a static route on R3 and one on R1 that will allow R3 to successfully ping R2's loopback interface, 2.2.2.2. The route should only consider traffic destined for 2.2.2.2. Use show ip route to display the static routes.

    R3#conf t

    R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1

    R3#show ip route

    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    U - per-user static route, o - ODR

    Gateway of last resort is not set

    2.0.0.0/32 is subnetted, 1 subnets

    S 2.2.2.2 [1/0] via 172.12.123.1

    3.0.0.0/27 is subnetted, 1 subnets

    C 3.3.3.0 is directly connected, Loopback0

    172.12.0.0/24 is subnetted, 2 subnets

    C 172.12.13.0 is directly connected, Serial1

    C 172.12.123.0 is directly connected, Serial0.31

    172.23.0.0/27 is subnetted, 1 subnets

    C 172.23.23.0 is directly connected, Ethernet0

    R1#conf t

    R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2

    R1#show ip route

    < codes deleted for clarity >

    Gateway of last resort is not set

    1.0.0.0/27 is subnetted, 1 subnets

    C 1.1.1.0 is directly connected, Loopback0

    2.0.0.0/32 is subnetted, 1 subnets

    S 2.2.2.2 [1/0] via 172.12.123.2

    172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks

    C 172.12.13.0/24 is directly connected, Serial1

    C 172.12.21.0/30 is directly connected, BRI0

    C 172.12.123.0/24 is directly connected, Serial0


    Examining the syntax of the ip route commands used in this lab:

    R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1

    ip route: The command.

    2.2.2.2: The destination address.

    255.255.255.255: The subnet mask. This particular mask means that only traffic destined for 2.2.2.2 will use this static route.

    172.12.123.1: The next-hop IP address used to reach the destination.

    R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2

    ip route: The command.

    2.2.2.2: The destination address.

    255.255.255.255: The subnet mask. Again, only traffic destined for 2.2.2.2 will use this static route.

    172.12.123.2: The next-hop IP address used to reach this destination.

    On R3, run debug ip packet, then ping 2.2.2.2. The pings will return successfully, and the packets can be seen leaving and entering the router. Turn all debugs off with undebug all.

    R3#debug ip packet

    IP packet debugging is on

    R3#ping 2.2.2.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 132/136/144 m

    R3#

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending

    IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3

    R3#undebug all

    All possible debugging has been turned off


    Remove the static routes with the command no ip route. Replace them with a static route with a destination and subnet mask of 0.0.0.0. This route will serve as a default route; to verify this, run show ip route after configuring these default static routes.

    Notice that with static routes, you can configure either a next-hop address or an exit interface on the end of the static route command. Here, you'll configure both.

    R3#conf t

    R3(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.1

    R3(config)#ip route 0.0.0.0 0.0.0.0 serial0.31

    R1#conf t

    R1(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.2

    R1(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.2

    A static route configured with a destination and subnet mask of 0.0.0.0 will serve as a

    default route.

    Examining the routing table of R3 after configuring the default static route.

    R3#show ip route

    Gateway of last resort is 0.0.0.0 to network 0.0.0.0

    3.0.0.0/24 is subnetted, 1 subnets

    C 3.3.3.0 is directly connected, Loopback0

    172.12.0.0/24 is subnetted, 2 subnets

    C 172.12.13.0 is directly connected, Serial1

    C 172.12.123.0 is directly connected, Serial0.31

    172.23.0.0/24 is subnetted, 1 subnets

    C 172.23.23.0 is directly connected, Ethernet0

    S* 0.0.0.0/0 is directly connected, Serial0.31

    The static route appears on R3 as a candidate default route, and is then used as the default route. The gateway of last resort is now set to 0.0.0.0. This is a result of using an exit interface to configure the static default route, rather than a next-hop IP address.


    Examining R1's routing table after configuring the static default route.

    R1#show ip route

    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is 172.12.123.2 to network 0.0.0.0

    1.0.0.0/27 is subnetted, 1 subnets

    C 1.1.1.0 is directly connected, Loopback0

    172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks

    C 172.12.13.0/24 is directly connected, Serial1

    C 172.12.21.0/30 is directly connected, Dialer1

    C 172.12.123.0/24 is directly connected, Serial0

    S* 0.0.0.0/0 [1/0] via 172.12.123.2

    R1 is also using the static route as a default route. The gateway of last resort is set to 172.12.123.2, the next-hop address set in the static default route.

    For your CCNA exams, it's very important to know how to remove a command, not just enable one. Here, you saw that a static route is removed with the no ip route command, followed by the static route being removed. It's the same as configuring a static route; just put no in front of the entire command.
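
To see why the host route only carried traffic for 2.2.2.2 while the 0.0.0.0 route catches everything else, here is an added Python example (not part of the workbook) that parses the lab's ip route commands and performs the longest-prefix-match lookup a router applies to its table. The function names are assumptions of this example; R3's connected networks are copied from its first routing table above.

```python
import ipaddress


def parse_ip_route(command):
    """Turn 'ip route <dest> <mask> <next-hop|interface>' into (network, how)."""
    words = command.split()
    if words[:2] != ["ip", "route"] or len(words) != 5:
        raise ValueError(f"not a simple static route: {command!r}")
    dest, mask, target = words[2:]
    # The third field is a subnet mask: 255.255.255.255 -> /32, 0.0.0.0 -> /0.
    return ipaddress.ip_network(f"{dest}/{mask}"), f"static via {target}"


def lookup(table, destination):
    """Longest-prefix match. Returns (prefix, how), or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, how) for net, how in table if dst in net]
    if not matches:
        return None
    net, how = max(matches, key=lambda entry: entry[0].prefixlen)
    return str(net), how


# R3's connected networks, as listed in its first "show ip route" output.
R3_CONNECTED = [
    (ipaddress.ip_network("3.3.3.0/27"), "connected Loopback0"),
    (ipaddress.ip_network("172.12.13.0/24"), "connected Serial1"),
    (ipaddress.ip_network("172.12.123.0/24"), "connected Serial0.31"),
    (ipaddress.ip_network("172.23.23.0/27"), "connected Ethernet0"),
]


def r3_with(static_command):
    """R3's table with one static route added to its connected networks."""
    return R3_CONNECTED + [parse_ip_route(static_command)]


if __name__ == "__main__":
    tables = {
        "host route": r3_with("ip route 2.2.2.2 255.255.255.255 172.12.123.1"),
        "default route": r3_with("ip route 0.0.0.0 0.0.0.0 serial0.31"),
    }
    for name, table in tables.items():
        for dst in ("2.2.2.2", "2.2.2.3", "172.23.23.5"):
            print(f"{name:13} {dst:12} -> {lookup(table, dst)}")
```

With the host route, 2.2.2.3 has no match at all; with the default route it falls through to 0.0.0.0/0, while 172.23.23.5 still uses the more specific connected network.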


    RIP Lab: Configuring RIP Version 1; using show and debug commands.

    Remove any existing routing protocol configuration from your network.

    Configure RIP version 1 on all three routers. Run RIP over all

    interfaces interconnecting the routers, and the loopback interfaces.

    R1#conf t

    R1(config)#router rip

    R1(config-router)#version 1

    R1(config-router)#network 172.12.0.0

    R1(config-router)#network 1.0.0.0

    1d04h: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

    1d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

    Almost immediately after you configure R1 with RIP, you'll see the ISDN line come up. Why? Run show dialer to see what traffic brought the link up.

    R1#show dialer

    BRI0 - dialer type = ISDN

    Dial String Successes Failures Last DNIS Last status

    5552222 2 0 00:00:08 successful

    0 incoming call(s) have been screened.

    0 incoming call(s) rejected for callback.

    BRI0:1 - dialer type = ISDN

    Idle timer (120 secs), Fast idle timer (20 secs)

    Wait for carrier (30 secs), Re-enable (15 secs)

    Dialer state is data link layer up

    Dial reason: ip (s=172.12.21.1, d=255.255.255.255)

    Time until disconnect 113 secs

    Connected to 5552222 (R2)

    The destination 255.255.255.255 brought the link up. RIP version 1 updates are broadcasts. Since all IP traffic was defined as interesting traffic in the ISDN lab, the link comes up.


    RIP has no built-in mechanism for allowing for ISDN links, which is why you don't see RIP run across very many ISDN links in the first place. Configure passive-interface bri0 under the RIP router process. Passive-interface bri0 will allow this interface to accept routing updates, but not to send them.

    R1(config)#router rip

    R1(config-router)#passive-interface bri0

    Verify this with show ip protocols. Become very familiar with all the information this command displays.

    R1#show ip protocols

    Routing Protocol is "rip"

    Sending updates every 30 seconds, next due in 27 seconds

    Invalid after 180 seconds, hold down 180, flushed after 240

    Outgoing update filter list for all interfaces is not set

    Incoming update filter list for all interfaces is not set

    Redistributing: rip

    Default version control: send version 1, receive version 1

    Interface Send Recv Triggered RIP Key-chain

    Loopback0 1 1

    Serial0 1 1

    Serial1 1 1

    Automatic network summarization is in effect

    Maximum path: 4

    Routing for Networks:

    1.0.0.0

    172.12.0.0

    Passive Interface(s):

    BRI0

    Routing Information Sources:

    Gateway Distance Last Update

    Distance: (default is 120)


    Configure RIP on R2 and R3, enabling RIP on all interfaces. Make the BRI interface on R2 passive.

    R2#conf t

    R2(config)#router rip

    R2(config-router)#passive-interface bri0

    R2(config-router)#version 1

    R2(config-router)#network 2.0.0.0

    R2(config-router)#network 172.12.0.0

    R2(config-router)#network 172.23.0.0

    R2(config-router)#^Z

    R2#

    R3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R3(config)#router rip

    R3(config-router)#version 1

    R3(config-router)#network 3.0.0.0

    R3(config-router)#network 172.12.0.0

    R3(config-router)#network 172.23.0.0

    R3(config-router)#^Z

    In these labs, you'll hardcode the routers to run RIP version 1, then RIP version 2. Keep in mind that the RIP default is to send version 1, and accept versions 1 and 2.

    On each router, run show ip route, then show ip route rip. Here only the output of these commands on R1 will be shown. Note that show ip route shows all the known routes, where show ip route rip shows only the RIP-discovered routes.

    R1#show ip route

    Gateway of last resort is not set

    1.0.0.0/32 is subnetted, 1 subnets

    C 1.1.1.1 is directly connected, Loopback0

    R 2.0.0.0/8 [120/1] via 172.12.123.2, 00:00:20, Serial0

    R 3.0.0.0/8 [120/1] via 172.12.13.3, 00:00:02, Serial1

    [120/1] via 172.12.123.3, 00:00:02, Serial0

    172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks

    C 172.12.13.0/24 is directly connected, Serial1

    C 172.12.21.0/30 is directly connected, BRI0

    C 172.12.123.0/24 is directly connected, Serial0

    R 172.23.0.0/16 [120/1] via 172.12.123.2, 00:00:21, Serial0

    [120/1] via 172.12.13.3, 00:00:03, Serial1


    [120/1] via 172.12.123.3, 00:00:03, Serial0

    R1# show ip route rip

    R 2.0.0.0/8 [120/1] via 172.12.123.2, 00:00:12, Serial0

    R 3.0.0.0/8 [120/1] via 172.12.13.3, 00:00:23, Serial1

    [120/1] via 172.12.123.3, 00:00:23, Serial0

    R 172.23.0.0/16 [120/1] via 172.12.123.2, 00:00:12, Serial0

    [120/1] via 172.12.13.3, 00:00:23, Serial1

    [120/1] via 172.12.123.3, 00:00:23, Serial0

    Note that equal-cost load balancing, enabled by default in both versions of RIP, is in effect. R1 has three paths to the Ethernet segment; one through the frame relay cloud via R2, one through the frame relay cloud via R3, and one via the point-to-point Serial link to R3. All three have the same metric of 1, so RIP puts all three of these routes into the routing table. (Remember that distance-vector protocols perform equal-cost load balancing by default, over four paths by default, and this can be changed to a range from one to six paths with the maximum-paths command.)

    Also notice that since RIP version 1 does not support VLSM, you see

    classful masks in the routing table for the loopbacks and for the

    Ethernet segment.
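
The classful masks in R1's table follow from how RIP version 1 builds and reads updates, which carry no mask. The Python model below is an added example, not part of the workbook: it applies the sender and receiver rules to this lab's addressing. Function names are assumptions of this example, R2's /27 networks are taken from the RIP version 2 output later in this workbook, and split horizon and host routes are not modelled.

```python
import ipaddress


def major_network(address):
    """Classful (class A/B/C) network that contains the address."""
    ip = ipaddress.ip_address(address)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{ip} is not a class A, B or C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def ripv1_advertise(out_interface, routes):
    """Entries a RIPv1 router puts in an update sent out out_interface."""
    out_net = ipaddress.ip_network(out_interface)
    out_major = major_network(out_net.network_address)
    entries = []
    for route in routes:
        net = ipaddress.ip_network(route)
        major = major_network(net.network_address)
        if major != out_major:
            # Crossing a major-network boundary: summarize to the classful net.
            entry = ("network", str(major.network_address))
        elif net.prefixlen == out_net.prefixlen:
            # Same major network, same mask as the outgoing interface.
            entry = ("subnet", str(net.network_address))
        else:
            # Same major network, different mask: the receiver could not
            # recover the mask, so the route is left out of the update.
            continue
        if entry not in entries:
            entries.append(entry)
    return entries


def ripv1_receive(in_interface, address):
    """Prefix a RIPv1 receiver installs for a mask-less update entry."""
    in_net = ipaddress.ip_network(in_interface)
    major = major_network(address)
    if major != major_network(in_net.network_address):
        # Different major network: assume the classful mask.
        return str(major)
    # Same major network: borrow the receiving interface's mask.
    candidate = ipaddress.ip_network(f"{address}/{in_net.prefixlen}", strict=False)
    if str(candidate.network_address) == address:
        return str(candidate)
    return f"{address}/32"


if __name__ == "__main__":
    r2_routes = ["2.2.2.0/27", "172.23.23.0/27", "172.12.123.0/24"]
    for kind, addr in ripv1_advertise("172.12.123.0/24", r2_routes):
        print(kind, addr, "-> R1 installs", ripv1_receive("172.12.123.0/24", addr))
```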

    Change the maximum number of paths that load-balancing can use on each router with the maximum-paths command.

    R1#conf t

    R1(config)#router rip

    R1(config-router)#maximum-paths 6

    R2#conf t

    R2(config)#router rip

    R2(config-router)#maximum-paths 6

    R3#conf t

    R3(config)#router rip

    R3(config-router)#maximum-paths 6


    View the routing updates by running debug ip rip. Clear the routing table with clear ip route *, and you'll see the routing process reinitialize. (Both very important commands, both for your CCNA exams and for real life.)

    R1#debug ip rip

    RIP protocol debugging is on

    R1#clear ip route *

    22:01:04: RIP: sending v1 update to 255.255.255.255 via Serial0 (172.12.123.1)

    22:01:04: subnet 172.12.13.0, metric 1

    22:01:04: subnet 172.12.123.0, metric 1

    22:01:04: network 1.0.0.0, metric 1

    22:01:04: network 2.0.0.0, metric 2

    22:01:04: network 3.0.0.0, metric 2

    22:01:04: network 172.23.0.0, metric 2

    22:01:04: RIP: sending v1 update to 255.255.255.255 via Serial1 (172.12.13.1)

    22:01:04: subnet 172.12.123.0, metric 1

    22:01:04: network 1.0.0.0, metric 1

    22:01:04: network 2.0.0.0, metric 2

    22:01:06: RIP: sending general request on Loopback0 to 255.255.255.255

    22:01:06: RIP: sending general request on Serial0 to 255.255.255.255

    22:01:06: RIP: sending general request on Serial1 to 255.255.255.255

    22:01:07: RIP: received v1 update from 172.12.123.3 on Serial0

    Debug ip rip not only shows you the updates and the broadcasts being sent and received, but it also helps with troubleshooting.

    Are RIP versions 1 and 2 interchangeable? Keep the debug on R1, change R1's version of RIP to version 2, and clear the routing table.

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#router rip

    R1(config-router)#version 2

    R1(config-router)#^Z

    1d04h: %SYS-5-CONFIG_I: Configured from console by console

    R1#clear ip route *

    < updates will be sent first>

    1d04h: RIP: ignored v1 packet from 172.12.13.3 (illegal version)

    1d04h: RIP: ignored v1 packet from 172.12.123.3 (illegal version)

    R1#undebug all

    1d04h: RIP: ignored v1 packet from 172.12.123.2 (illegal version)


    R1 is refusing the RIP version 1 updates. The two versions of RIP are

    not interchangeable, as you can see by looking at the routing table:

    R1#show ip route

    Gateway of last resort is not set

    1.0.0.0/32 is subnetted, 1 subnets

    C 1.1.1.1 is directly connected, Loopback0

    172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks

    C 172.12.13.0/24 is directly connected, Serial1

    C 172.12.21.0/30 is directly connected, BRI0

    C 172.12.123.0/24 is directly connected, Serial0

    The RIP routes are gone.

    Remove the RIP process from all three routers with the no router rip command.

    R1#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R1(config)#no router rip

    R1(config)#^Z

    R1#wr

    Building configuration...

    R2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R2(config)#no router rip

    R2(config)#^Z

    R2#wr

    Building configuration...

    R3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    R3(config)#no router rip

    R3(config)#^Z

    R3#wr

    Building configuration...


    Lab: Configuring RIP Version 2. Disabling auto-summarization; using text and MD5 authentication; Troubleshooting RIP with show and debug commands.

    Configure RIP version 2 on all three routers. Disable RIP's auto-summarization feature with no auto-summary. Enable RIP on all interfaces of each router, including the loopbacks. Prevent the dialer interfaces from sending RIP version 2 multicasts with the passive-interface command.

    R1#conf t

    R1(config)#router rip

    R1(config-router)#version 2 < The RIP-enabled interfaces will receive and send version 2 only. >

    R1(config-router)#no auto-summary

    R1(config-router)#network 172.12.0.0

    R1(config-router)#network 1.0.0.0

    R1(config-router)#passive-interface dialer1

    R2#conf t

    R2(config)#router rip

    R2(config-router)#version 2

    R2(config-router)#no auto-summary

    R2(config-router)#passive-int bri0

    R2(config-router)#network 172.12.0.0

    R2(config-router)#network 172.23.0.0

    R2(config-router)#network 2.0.0.0

    R3#conf t

    R3(config)#router rip

    R3(config-router)#version 2

    R3(config-router)#no auto-summary

    R3(config-router)#network 172.12.0.0

    R3(config-router)#network 172.23.0.0

    R3(config-router)#network 3.0.0.0

    To verify VLSM support and equal-cost load-balancing, run show ip

    route rip on R1.


    R1#show ip route rip

    2.0.0.0/27 is subnetted, 1 subnets

    R 2.2.2.0 [120/1] via 172.12.123.2, 00:00:15, Serial0

    3.0.0.0/27 is subnetted, 1 subnets

    R 3.3.3.0 [120/1] via 172.12.13.3, 00:00:14, Serial1

    [120/1] via 172.12.123.3, 00:00:14, Serial0

    172.23.0.0/27 is subnetted, 1 subnets

    R 172.23.23.0 [120/1] via 172.12.123.2, 00:00:15, Serial0

    [120/1] via 172.12.13.3, 00:00:14, Serial1

    [120/1] via 172.12.123.3, 00:00:15, Serial0

    VLSM support is evident from the non-classful subnet masks for networks 2.0.0.0 and 3.0.0.0. Equal-cost load balancing is taking place as well, with three routes sharing the load from R1 to network 172.23.23.0.

    From each router, ping the remote loopback addresses. All pings

    should succeed.

    You know that RIP version 1 sends updates to 255.255.255.255. What address does RIP version 2 send updates to? Run debug ip rip, then run clear ip route * to immediately clear the routing table. (This command forces the routing protocol to send and request updates now, rather than waiting for the next regularly scheduled update.)

    R1#debug ip rip

    RIP protocol debugging is on

    R1#clear ip route *

    1d04h: RIP: sending request on Loopback0 to 224.0.0.9

    1d04h: RIP: sending request on Serial1 to 224.0.0.9

    1d04h: RIP: sending request on Serial0 to 224.0.0.9

    RIP version 2 multicasts updates to 224.0.0.9.

    Turn your debugs off with undebug all. You can also turn off debugs on an individual basis by running the command for that particular debug with no in front of the command.

    R1#no debug ip rip

    RIP protocol debugging is off

    R1#undebug all


    All possible debugging has been turned off

    IGRP Lab

    Remove any previous routing protocol configurations before proceeding.

    Configure IGRP on R1, R2, and R3 with the router igrp 1 command. IGRP will run on all interfaces in the 172.12.0.0 network, the 172.23.0.0 network, and all loopback interfaces. We don't want IGRP updates to bring the ISDN line up; configure passive-interface bri0 under the IGRP process.

    R1#conf t

    R1(config)#router igrp 1

    R1(config-router)#network 172.12.0.0

    R1(config-router)#network 1.0.0.0

    R1(config-router)#passive-interface bri0

    The 1 in the router igrp command re